Source URL: https://www.theregister.com/2025/08/27/salesforce_salesloft_breach/
Source: The Register
Title: Salesforce data missing? It might be due to Salesloft breach, Google says
Feedly Summary: Attackers steal OAuth tokens to access third-party sales platform, then CRM data in ‘widespread campaign’
Google says a recent spate of Salesforce-related breaches was caused by attackers stealing OAuth tokens from the third-party Salesloft Drift app.…
AI Summary and Description: Yes
Summary: This text highlights a significant security incident involving the theft of OAuth tokens from a third-party application, which led to unauthorized access to customer relationship management (CRM) data. This incident underscores the importance of securing OAuth implementations and the potential vulnerabilities posed by third-party integrations in cloud environments.
Detailed Description:
The text discusses a recent security breach affecting Salesforce users, where attackers exploited vulnerabilities in the OAuth token mechanism. This incident serves as a critical reminder for organizations using cloud-based services to ensure that their API security and identity access management practices are robust.
Key Points of Interest:
– **Incident Overview**: Attackers were able to access Salesforce data by stealing OAuth tokens from the Salesloft Drift application, leading to unauthorized access to sensitive CRM information.
– **OAuth Vulnerabilities**: The attack illustrates the dangers associated with improperly managed OAuth tokens and underscores the necessity for vigilant token management practices to prevent token theft and abuse.
– **Impact on Organizations**: Organizations that rely on third-party applications for CRM needs must consider the potential security implications of such integrations. It is essential to audit the security postures of third-party vendors and the permissions granted to their applications.
– **Best Practices**:
  – Regular audits of connected apps to ensure they follow security best practices.
  – Implementing the principle of least privilege for OAuth tokens to limit exposure.
  – Monitoring and logging access to sensitive systems to detect unauthorized access attempts early.
– **Significance for Security Professionals**: This incident is a call to action for security and compliance professionals to enhance their security measures around cloud applications and third-party services, particularly focusing on authentication mechanisms like OAuth.
– **Regulatory Compliance Considerations**: Organizations must remain cognizant of compliance obligations regarding data protection and breach notification, particularly in contexts involving sensitive customer data.
In summary, this incident serves as a critical lesson in understanding the implications of OAuth security in cloud computing and emphasizes the need for stringent security practices surrounding third-party integrations.
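
The connected-app audit and least-privilege items under Best Practices, shown as an added example that is not from the article or from any vendor. The grant records, field names, app names and approved-scope policy are constructed assumptions, and the scope strings are illustrative.

```python
from datetime import date

# Constructed sample inventory of connected-app OAuth grants (not real data).
# Field names and the record layout are assumptions for this example.
GRANTS = [
    {"app": "chat-widget", "user": "integration@example.com",
     "scopes": ["api", "refresh_token", "full"], "last_used": date(2025, 8, 20)},
    {"app": "email-sync", "user": "svc-mail@example.com",
     "scopes": ["api"], "last_used": date(2025, 3, 1)},
    {"app": "unknown-exporter", "user": "jdoe@example.com",
     "scopes": ["api", "refresh_token"], "last_used": date(2025, 8, 25)},
    {"app": "reporting", "user": "svc-bi@example.com",
     "scopes": ["api"], "last_used": date(2025, 8, 26)},
]

# Least-privilege policy: the scopes each approved app actually needs (assumed).
APPROVED = {
    "chat-widget": {"api", "refresh_token"},
    "email-sync": {"api"},
    "reporting": {"api"},
}

def audit_grants(grants, approved, today, stale_days=90):
    """Return (app, user, finding) tuples for grants that violate policy."""
    findings = []
    for g in grants:
        key = (g["app"], g["user"])
        allowed = approved.get(g["app"])
        if allowed is None:
            # App was never reviewed, so any token it holds is unvetted access.
            findings.append((*key, "app not in approved inventory"))
        else:
            extra = sorted(set(g["scopes"]) - allowed)
            if extra:
                findings.append((*key, "excess scopes: " + ",".join(extra)))
        # Unused tokens still work if stolen, so long-idle grants get revoked.
        if (today - g["last_used"]).days > stale_days:
            findings.append((*key, "stale token, revoke"))
    return findings

if __name__ == "__main__":
    for app, user, finding in audit_grants(GRANTS, APPROVED, date(2025, 8, 27)):
        print(f"{app:18} {user:26} {finding}")
```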